US20040114762A1 - Subset difference method for multi-cast rekeying - Google Patents


Publication number
US20040114762A1
Authority
US
United States
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/318,486
Other versions
US7450722B2 (en
Inventor
Alexander Medvinsky
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google Technology Holdings LLC
Original Assignee
General Instrument Corp
Application filed by General Instrument Corp filed Critical General Instrument Corp
Assigned to GENERAL INSTRUMENT CORPORATION reassignment GENERAL INSTRUMENT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MEDVINSKY, ALEXANDER
Priority to US10/318,486 priority Critical patent/US7450722B2/en
Priority to CA2506146A priority patent/CA2506146C/en
Priority to EP03796905.2A priority patent/EP1570600B1/en
Priority to AU2003297834A priority patent/AU2003297834A1/en
Priority to PCT/US2003/039294 priority patent/WO2004056037A1/en
Publication of US20040114762A1 publication Critical patent/US20040114762A1/en
Publication of US7450722B2 publication Critical patent/US7450722B2/en
Application granted granted Critical
Assigned to GENERAL INSTRUMENT HOLDINGS, INC. reassignment GENERAL INSTRUMENT HOLDINGS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GENERAL INSTRUMENT CORPORATION
Assigned to MOTOROLA MOBILITY LLC reassignment MOTOROLA MOBILITY LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GENERAL INSTRUMENT HOLDINGS, INC.
Assigned to Google Technology Holdings LLC reassignment Google Technology Holdings LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MOTOROLA MOBILITY LLC
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution

Definitions

  • a user that previously left the group may re-join subsequently and gets a different position in the tree.
  • the user will have the difference keys for two different leaves and if that user leaves a second time, it may still be able to get content keys using its difference keys from the first period of membership in the group.
  • the respective positions of revoked users in the tree are recorded and if a revoked user joins again, it is given the same position as last time when it was in the group.
  • the amount of such material can be reduced by not varying the labels for each multicast.
  • the tree with all of its labels for inner nodes is kept relatively static, possibly only changing occasionally like the service keys.
  • the values of the labels in the tree are globally made the same and are stored in a key distribution center (KDC) database.
  • the KDC database is responsible for maintaining and handing out multicast group keys at a periodic interval.
  • the KDC database would return a complete set of labels along with a ticket granting ticket (TGT) to each caching server and would also return an appropriate subset of the labels to each user along with the user's TGT.
  • AS Req/Rep initial exchange
  • $L_{I,J} = G_M(\mathrm{LABEL}_{I,J}, PSK_P)$, where $PSK_P$ represents the program segment key.
  • the very first $PSK_P$ delivered to a user that joins a group cannot be delivered using the exemplary method, since $PSK_{p-1}$ is not known at that time to this user.
  • the first $PSK_P$ would be delivered to a user using the same point-to-point protocol (e.g., Kerberos) that is used to verify the identity of this user and check if the user is authorized for the multicast.
  • the KDC database can change the set of difference labels on a periodic basis, such as once a month or once every several months, and the different sets of labels could be identified with a predetermined version number for synchronization.
  • the present invention is implemented in the form of control logic using computer software. Based on the disclosure and teachings provided herein, it will be appreciated by a person of ordinary skill in the art that the present invention can be implemented in other ways and/or methods including, for example, hardware and/or a combination of hardware and software.

Abstract

An improved subset-difference method is provided. The improved method uses the value of a current content key to help generate the requisite difference keys. The requisite difference keys are then used to encrypt the next content key which will be delivered only to users who are supposed to remain in the group. Users who have the current content key are then able to generate the requisite difference keys which they can then use to decrypt the next content key. Using the decrypted next content key, the users are then able to continue to receive contents. Since previously revoked users do not have the current content key, they are unable to determine the next content key and thus are prevented from receiving future contents.

Description

    BACKGROUND OF THE INVENTION
  • The present invention generally relates to multicasting in a network, and more specifically, to a method and system for providing improved multicast key management in a network. [0001]
  • Using modern technologies that are available today, content delivery systems are capable of delivering contents over computer networks to a large number of users. A typical content delivery system includes a caching server responsible for delivering contents and a large number of clients or client applications that are under the control of the users. For example, a content delivery system may need to support hundreds of thousands, and possibly even millions, of users viewing a single event or program. In some cases, the programs are lengthy in duration and users are interested in only viewing some portion of a program (e.g., Olympics, shopping channel, news etc.). In order to charge users for such programming, it then becomes necessary to support a pay-by-time model. In a pay-by-time model, a user is charged only for the portion of the program that he or she consumed. [0002]
  • In a secure set-top client, such pay-by-time functionality may be more easily implemented in a secure manner. For example, tamper-proof hardware can be used in the set-top client to report in an accurate manner the amount of time that the client tuned in to a particular program. However, a general personal computer (PC) client cannot be trusted to perform such a task securely. This is because such PC client can be easily hacked. As a result, in order to support pay-by-time functionality with untrusted clients, a program needs to be delivered in a secure manner. One way to assure secure delivery of a program is to divide the program into program segments. There is a unique program segment key associated with each program segment, where the program segment key could be either used to encrypt the content within that program segment directly or it can be used to encrypt multiple content keys. A user that is authorized for a particular program segment will get the corresponding program segment key and will use it to decrypt the multiple content keys that are in turn used to decrypt the content within the program segment for viewing. In this manner, users that decide to leave a multicast or broadcast program would simply not be given more program segment keys for the following program segments, while the remaining users would continue receiving new program segment keys to allow them to continue viewing. [0003]
  • One straight-forward approach to support pay-by-time key management is to individually deliver the next program segment key to each user that remains in the multicast or broadcast group. This approach presents a number of problems. For example, for large multicast groups, this approach requires delivering program segment keys well ahead of time to ensure that such keys are delivered in time for each user. Even then, pay-by-time system scalability is severely limited by re-keying and the size of each program segment must be sufficiently large to insure that subsequent program segment keys can be delivered in time. [0004]
  • A number of multicast re-keying approaches have been proposed in an attempt to solve the foregoing problem. Many of these approaches are efficient at revoking a few users at a time from a multicast group and are based on the assumption that users leave at a constant rate. However, in practical situations, a large number of users may leave and users cannot be expected to leave a multicast group on a constant basis. To the contrary, user departure rate tends to fluctuate widely over the course of a program. For example, a large number of users tend to all want to leave a multicast group after some logical portion of the program is over (e.g., a specific Olympic event). Hence, these existing approaches still do not provide sufficient scalability that would efficiently accommodate varying user departure rate, such as, when a large number of users decide to leave a multicast group within a short period of time (e.g., within the same program segment). [0005]
  • In one of the proposed multicast key management schemes commonly known as the subset-difference method, each user is placed as a leaf into a binary tree and is given a subset of keys in that tree that depends on the user's position in that tree. The first time that a subgroup of users needs to be revoked from the group, the overhead of removing such subgroup of users from the group is proportional to the size of the to-be-revoked subgroup. This appears to provide as much scalability as can be expected. However, as time goes on and additional users leave the group, the overhead of removing such subsequent users becomes proportional to the number of users that have left the group since the beginning of the event. Consequently, as more and more users leave the group, the ability to revoke users from the group will likely degrade to an unacceptable level. [0006]
  • For purposes of illustration and simplicity herein, it should be understood that a user can be either a person or a client or client application or device that is under the control of a user. [0007]
  • FIG. 1 is a simplified schematic diagram illustrating a set of users belonging to a particular multicast group that have been arranged into a binary tree according to the subset-difference method. The binary tree has a number of nodes V1-V15 and a number of leaves V16-V31. The leaves of the tree V16-V31 represent the actual users and the leaves that are shaded, V18, V19, V21, V24, V25, V26 and V27, correspond to users that are to be revoked from the group. [0008]
  • The binary tree is further divided into subtrees that are rooted at nodes V4, V5 and V3. Each of these subtrees contains an inner subtree, where an inner subtree includes only the to-be-revoked leaves. For example, for a subtree rooted at node V4, there is an inner subtree rooted at node V9 that contains only the to-be-revoked leaves, V18 and V19. [0009]
  • The main idea of the subset-difference method is to have a key for each of the outer subtrees that is known to everyone in the outer subtree but not known to anyone inside the inner (revoked) subtree. This key is designated as $L_{I,J}$. For example, for the outer subtree rooted at node V4, this outer subtree including node V8 and leaves V16 and V17, there is a key $L_{4,9}$ that is known only to leaves V16, V17 but not to leaves V18, V19. In this example, in order to revoke leaves V18, V19, V21, V24, V25, V26 and V27, a new content key (CK) is sent out encrypted using the following difference keys: $L_{4,9}$, $L_{5,21}$ and $L_{3,6}$. [0010]
  • Keys $L_{I,J}$ are generated as follows. First, each inner node $V_I$ in the tree is assigned a unique and independent label $\mathrm{LABEL}_I$. Then, a “difference label” for the left child of $V_I$ is derived using a one-way function $G_L$: $G_L(\mathrm{LABEL}_I)$. Similarly, for the right child of $V_I$, a difference label $G_R(\mathrm{LABEL}_I)$ is created. Next, in order to compute a difference label $\mathrm{LABEL}_{I,J}$ for an outer subtree rooted at node $V_I$ and an inner subtree rooted at node $V_J$, one has to start with the original label $\mathrm{LABEL}_I$ for node $V_I$ and then derive the difference label by applying functions $G_L$ and $G_R$ multiple times, depending on the path between $V_I$ and $V_J$. For example, label $\mathrm{LABEL}_{3,28} = G_L(G_L(G_R(\mathrm{LABEL}_3)))$. The key $L_{I,J}$ is then computed by simply applying another one-way function $G_M$ to the difference label $\mathrm{LABEL}_{I,J}$, i.e., $L_{I,J} = G_M(\mathrm{LABEL}_{I,J})$. [0011]
  • When a particular leaf “u” is first initialized (i.e., when joining a multicast), this leaf “u” receives the following labels: for every $V_I$ ancestor of leaf “u”, leaf “u” receives all difference labels that are “hanging off the path” from $V_I$ to leaf “u”. From each of the labels, leaf “u” can derive the keys that it needs. For example, the path from root V1 to leaf V22 is as follows: V1, V2, V5, V11 and V22. When leaf V22 is initialized, it would receive the following difference labels: [0012]
    $\mathrm{LABEL}_{1,3}$, $\mathrm{LABEL}_{1,4}$, $\mathrm{LABEL}_{1,10}$, $\mathrm{LABEL}_{1,23}$,
    $\mathrm{LABEL}_{2,4}$, $\mathrm{LABEL}_{2,10}$, $\mathrm{LABEL}_{2,23}$,
    $\mathrm{LABEL}_{5,10}$, $\mathrm{LABEL}_{5,23}$,
    $\mathrm{LABEL}_{11,23}$
  • The foregoing is graphically illustrated in FIG. 2. [0013]
  • Referring back to FIG. 1, in order to revoke the indicated leaves (V18, V19, V21, V24, V25, V26 and V27), as previously mentioned, the new content key is sent out encrypted using $L_{4,9}$, $L_{5,21}$ and $L_{3,6}$. In order for V22 to obtain the new content key, V22 derives $L_{5,21}$ from $\mathrm{LABEL}_{5,10}$ (which it was given during initialization) as follows: [0014]
  • $L_{5,21} = G_M(\mathrm{LABEL}_{5,21}) = G_M(G_R(\mathrm{LABEL}_{5,10}))$
  • The number of keys received by a leaf “u” during initialization turns out to be: [0015]
  • $\log(N) + (\log(N) - 1) + (\log(N) - 2) + \dots + 1 = \log(N) \cdot (\log(N) + 1) / 2$
  • The foregoing can be simplified to $O(\log(N)^2)$, where O(N) is the number of messages required for one rekeying for N users participating in the multicast. For example, with N = 8 million ≈ $2^{23}$, each user joining a multicast would get initialized with two hundred and seventy-six (276) keys. In the case that each key is one hundred and twenty-eight (128) bits (or sixteen (16) bytes) in length, this would require 276*16 ≈ 4.5 Kbytes of key storage. Where a security chip is utilized, these keys would probably have to be stored encrypted outside of the chip. Details of the subset-difference method can be further found in the publication, “Revocation and Tracing Schemes for Stateless Receivers”, by D. Naor et al., the disclosure of which is hereby incorporated by reference in its entirety for all purposes. [0016]
  • One main problem with the subset-difference method is that once some users in the group are revoked, none of the inner node labels and none of the difference keys are modified. As a result, in order to insure that the previously revoked users do not receive any more content keys, these users have to be counted as to-be-revoked users during each rekeying even though they have already been revoked previously. In other words, during each rekeying, previously revoked users have to be counted again for revocation purposes. Thus, the number of to-be-revoked leaves R grows each time and could eventually approach the total number of leaves N in the tree. [0017]
  • It would be impractical to modify the inner node labels during each rekeying because of the way the keys are derived from the labels. For example, if root label $\mathrm{LABEL}_I$ is modified, it automatically affects the values of all of the difference labels $\mathrm{LABEL}_{1,x}$ and most of the leaves in the tree will have to be updated with some new difference labels. Consequently, modifying the inner node labels during each rekeying presents a scalability problem. [0018]
  • In addition to this problem, since each user of the group has to be initialized with a considerable amount of keying material which in the worst case scenario could amount to several Kbytes, it would be impractical to initialize each user joining a multicast with all of the necessary labels at the time s/he joins the multicast. [0019]
  • Hence, it would be desirable to provide an improved subset-difference method that is able to improve multicast key management in a network to allow for more efficient revocation of users from a group and conversely rekeying of remaining users. [0020]
    BRIEF SUMMARY OF THE INVENTION
  • An improved subset-difference method is provided. The improved method uses the value of a current content key to help generate the requisite difference keys. The requisite difference keys are then used to encrypt the next content key which will be delivered only to users who are supposed to remain in the group. Users who have the current content key are then able to generate the requisite difference keys which they can then use to decrypt the next content key. Using the decrypted next content key, the users are then able to continue to receive contents. Since previously revoked users do not have the current content key, they are unable to determine the next content key and thus are prevented from receiving future contents. [0021]
  • In an exemplary application, the present invention can be deployed in systems that rely on secure information delivery where the information is encrypted using a common group key. Such systems include, for example, multicast or broadcast content delivery systems. [0022]
  • The exemplary method of the present invention provides a number of advantages and/or benefits. For example, in order to rekey a group, only O(r) messages are needed, where r is the number of users to be revoked. By comparison, the subset-difference method needs O(R) messages to accomplish the same task, where R is the number of users that have been revoked from the very beginning of a multicast. [0023]
  • Reference to the remaining portions of the specification, including the drawings and claims, will realize other features and advantages of the present invention. Further features and advantages of the present invention, as well as the structure and operation of various embodiments of the present invention, are described in detail below with respect to the accompanying drawings, in which like reference numbers indicate identical or functionally similar elements. [0024]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a simplified schematic diagram illustrating a set of users of a particular multicast that have been arranged into a binary tree according to the subset-difference method; and [0025]
  • FIG. 2 is a simplified schematic diagram illustrating initialization of a leaf in a binary tree according to the subset-difference method. [0026]
  • DETAILED DESCRIPTION OF THE INVENTION
  • The present invention in the form of one or more exemplary embodiments will now be described. According to one exemplary method of the present invention, the subset-difference method as described above is improved such that the overhead of removing members from a multicast group is proportional only to the size of the next set of members that want to leave the group. [0027]
  • The exemplary method modifies the subset-difference method to achieve the foregoing improvement as follows. Assume that the current content key is $CK_p$ and the next content key that is to be sent out during revocation of some leaves in the tree is $CK_{p+1}$. Then, the difference key $L_{I,J}$ is computed as follows: [0028]
  • $L_{I,J} = G_M(\mathrm{LABEL}_{I,J}, CK_p)$
  • During the next rekeying, difference keys are changed to the following values: [0029]
  • $L_{I,J} = G_M(\mathrm{LABEL}_{I,J}, CK_{p+1})$
  • Also, the content key will be changed to $CK_{p+2}$. [0030]
  • During the second rekeying, since previously revoked users in the group do not know the content key $CK_{p+1}$, they will not be able to generate the correct difference key $L_{I,J}$ and therefore they will also not be able to figure out the value of $CK_{p+2}$. As a result, any previously revoked user that does not possess a current content key is unable to get the next content key even if it had all the labels in the tree. Hence, during the second rekeying, it is not necessary to revoke the previously revoked leaves again. In other words, only the additional to-be-revoked leaves need to be revoked. [0031]
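The two rekeyings described above, as an added example that is not part of the patent text: an 8-leaf tree in which leaf 8 is revoked first and the second rekey message names only leaf 13, run once with label-only difference keys and once with keys bound to the current content key. Assumptions: HMAC-SHA256 stands in for the generator G, the XOR-plus-MAC key wrap is a toy, and all function names, the heap numbering and the secrets are constructed for the demonstration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the generator G; the patent names no primitive.
def prf(key, tag):
    return hmac.new(key, tag, hashlib.sha256).digest()

def g_left(label):
    return prf(label, b"L")

def g_right(label):
    return prf(label, b"R")

def g_m(label, ck):
    # ck == b"" models the original method, where the key depends on the label only.
    return prf(label, b"M" + ck)

MASTER = hashlib.sha256(b"constructed demo secret").digest()  # constructed value

def node_label(i):
    # Heap numbering: root is node 1, the 8 leaves are nodes 8..15.
    return prf(MASTER, b"node%d" % i)

def is_ancestor_or_self(a, d):
    while d > a:
        d >>= 1
    return d == a

def walk(label, src, dst):
    # Derive the label at dst from the one held at src by following dst's path bits.
    for shift in range(dst.bit_length() - src.bit_length() - 1, -1, -1):
        label = g_right(label) if (dst >> shift) & 1 else g_left(label)
    return label

def user_labels(leaf):
    # For every ancestor i: LABEL_{i,s} for each sibling s hanging off the path i -> leaf.
    held, i = {}, leaf >> 1
    while i >= 1:
        n = leaf
        while n > i:
            held[(i, n ^ 1)] = walk(node_label(i), i, n ^ 1)
            n >>= 1
        i >>= 1
    return held

def user_difference_key(held, i, j, ck):
    for (a, k), label in held.items():
        if a == i and is_ancestor_or_self(k, j):
            return g_m(walk(label, k, j), ck)
    return None  # j is on the user's own path: the user sits in the excluded subtree

def wrap(diff_key, next_ck):
    # Toy key wrap (XOR pad plus MAC); each difference key wraps exactly one value.
    ct = bytes(a ^ b for a, b in zip(next_ck, prf(diff_key, b"pad")))
    return ct, prf(diff_key, b"tag" + ct)

def unwrap(diff_key, ct, tag):
    if diff_key is None or not hmac.compare_digest(tag, prf(diff_key, b"tag" + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, prf(diff_key, b"pad")))

def rekey_message(revoked_leaf, current_ck, next_ck, bind):
    # Centre side: the single subset S_{1,revoked_leaf} covers every leaf but one.
    label = walk(node_label(1), 1, revoked_leaf)
    return (1, revoked_leaf) + wrap(g_m(label, current_ck if bind else b""), next_ck)

def receive(held, known_ck, msg, bind):
    i, j, ct, tag = msg
    return unwrap(user_difference_key(held, i, j, known_ck if bind else b""), ct, tag)

def simulate(bind):
    # Two rekeyings: leaf 8 is revoked first, then only leaf 13 is named.
    cks = [prf(MASTER, b"ck%d" % p) for p in range(3)]  # CK_p, CK_{p+1}, CK_{p+2}
    users = {leaf: {"held": user_labels(leaf), "ck": cks[0]} for leaf in range(8, 16)}
    for step, revoked in enumerate([8, 13]):
        msg = rekey_message(revoked, cks[step], cks[step + 1], bind)
        for user in users.values():
            got = receive(user["held"], user["ck"], msg, bind)
            if got is not None:
                user["ck"] = got
    return sorted(leaf for leaf, u in users.items() if u["ck"] == cks[2])

if __name__ == "__main__":
    print("label-only keys, holders of CK_{p+2}:", simulate(bind=False))
    print("content-key-bound keys, holders of CK_{p+2}:", simulate(bind=True))
```

In the label-only run, leaf 8 recovers the third content key because it can still derive the label for the subset that excludes leaf 13, which is why the original method must name every previously revoked leaf again. In the bound run, leaf 8 derives the same label but lacks the second content key, so its difference key is wrong.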
  • In some situations, a user that previously left the group may subsequently re-join and get a different position in the tree. In this case, the user will have the difference keys for two different leaves, and if that user leaves a second time, it may still be able to get content keys using its difference keys from the first period of membership in the group. In order to avoid this situation of users getting unauthorized content keys, the respective positions of revoked users in the tree are recorded, and if a revoked user joins again, it is given the same position as last time when it was in the group. [0032]
  • With respect to the issue of amount of keying material needed to initialize a user joining a multicast group, the amount of such material can be reduced by not varying the labels for each multicast. The tree with all of its labels for inner nodes is kept relatively static, possibly only changing occasionally like the service keys. In one exemplary embodiment implemented using a Kerberos or ESBroker system, the values of the labels in the tree are globally made the same and are stored in a key distribution center (KDC) database. The KDC database is responsible for maintaining and handing out multicast group keys at a periodic interval. The KDC database would return a complete set of labels along with a ticket granting ticket (TGT) to each caching server and would also return an appropriate subset of the labels to each user along with the user's TGT. As a result, the user's position in the multicast key hierarchy would be determined during an initial exchange (AS Req/Rep) with the KDC database. [0033]
  • In one exemplary application where pay-by-time events are sold in units of program segments, the exemplary method for rekeying is applied to effect changing program segment keys. A difference key $L_{I,J}$ is computed as follows: $L_{I,J} = G_M(\mathrm{LABEL}_{I,J}, PSK_p)$, where $PSK_p$ represents the program segment key. In this application, the very first $PSK_p$ delivered to a user that joins a group cannot be delivered using the exemplary method, since $PSK_{p-1}$ is not known at that time to this user. Preferably, the first $PSK_p$ would be delivered to a user using the same point-to-point protocol (e.g., Kerberos) that is used to verify the identity of this user and check if the user is authorized for the multicast. [0034]
  • Furthermore, in order to avoid cloning of the set of difference labels, the KDC database can change the set of difference labels on a periodic basis, such as once a month or once every several months, and the different sets of labels could be identified with a predetermined version number for synchronization. [0035]
  • In one exemplary embodiment, the present invention is implemented in the form of control logic using computer software. Based on the disclosure and teachings provided herein, it will be appreciated by a person of ordinary skill in the art that the present invention can be implemented in other ways and/or methods including, for example, hardware and/or a combination of hardware and software. [0036]
  • It is understood that the examples and embodiments described herein are for illustrative purposes only and that various modifications or changes in light thereof will be suggested to persons skilled in the art and are to be included within the spirit and purview of this application and scope of the appended claims. All publications, patents, and patent applications cited herein are hereby incorporated by reference for all purposes in their entirety. [0037]

Claims (10)

What is claimed is:
1. An improvement to a subset-difference method, the subset-difference method using a plurality of difference keys to encrypt a content key, each of the plurality of difference keys being generated by using a corresponding label, the improvement comprising:
generating each of the plurality of difference keys using the corresponding label and a current content key;
wherein the plurality of difference keys are used to encrypt a next content key; and
wherein the next content key is used to ensure continued delivery of contents.
2. The improvement of claim 1 wherein the improvement and the subset-difference method are implemented in a content delivery system that is capable of providing multicasting.
3. The improvement of claim 2 wherein the content delivery system includes a plurality of clients under the control of corresponding users, a key distribution center and a caching server; and
wherein the key distribution center delivers the corresponding labels that are used to respectively generate the plurality of difference keys to the plurality of clients and the caching server.
4. The improvement of claim 1 wherein the content key represents a program segment key;
wherein the current content key represents a current program segment key;
wherein the next content key represents a next program segment key; and
wherein the next program segment key is used to ensure continued delivery of a next program segment.
5. The improvement of claim 1 wherein the improvement and the subset-difference method are implemented using computer software.
6. An improved subset-difference method, the subset-difference method utilizing a plurality of difference keys to encrypt a content key, the plurality of difference keys being generated using corresponding labels, the improvement comprising:
generating the plurality of difference keys using a first content key and corresponding labels; and
during a rekeying, using the first plurality of difference keys to derive a second content key;
wherein the second content key is used to ensure continued delivery of contents.
7. The improvement of claim 6 wherein the improvement and the subset-difference method are implemented in a content delivery system that is capable of providing multicasting.
8. The improvement of claim 7 wherein the content delivery system includes a plurality of clients under the control of corresponding users, a key distribution center and a caching server; and
wherein the key distribution center delivers the corresponding labels that are used to respectively generate the plurality of difference keys to the plurality of clients and the caching server.
9. The improvement of claim 6 wherein the content key represents a program segment key;
wherein the first content key represents a first program segment key;
wherein the second content key represents a second program segment key; and
wherein the second program segment key is used to ensure continued delivery of a next program segment.
10. The improvement of claim 6 wherein the improvement and the subset-difference method are implemented using computer software.
US10/318,486 2002-12-13 2002-12-13 Subset difference method for multi-cast rekeying Expired - Fee Related US7450722B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US10/318,486 US7450722B2 (en) 2002-12-13 2002-12-13 Subset difference method for multi-cast rekeying
PCT/US2003/039294 WO2004056037A1 (en) 2002-12-13 2003-12-10 Improved subset difference method for multi-cast rekeying
EP03796905.2A EP1570600B1 (en) 2002-12-13 2003-12-10 Improved subset difference method for multi-cast rekeying
AU2003297834A AU2003297834A1 (en) 2002-12-13 2003-12-10 Improved subset difference method for multi-cast rekeying
CA2506146A CA2506146C (en) 2002-12-13 2003-12-10 Improved subset difference method for multi-cast rekeying

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/318,486 US7450722B2 (en) 2002-12-13 2002-12-13 Subset difference method for multi-cast rekeying

Publications (2)

Publication Number Publication Date
US20040114762A1 true US20040114762A1 (en) 2004-06-17
US7450722B2 US7450722B2 (en) 2008-11-11

Family

ID=32506358

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/318,486 Expired - Fee Related US7450722B2 (en) 2002-12-13 2002-12-13 Subset difference method for multi-cast rekeying

Country Status (5)

Country Link
US (1) US7450722B2 (en)
EP (1) EP1570600B1 (en)
AU (1) AU2003297834A1 (en)
CA (1) CA2506146C (en)
WO (1) WO2004056037A1 (en)

Also Published As

Publication number Publication date
WO2004056037A1 (en) 2004-07-01
US7450722B2 (en) 2008-11-11
EP1570600B1 (en) 2016-09-07
AU2003297834A1 (en) 2004-07-09
EP1570600A1 (en) 2005-09-07
CA2506146C (en) 2013-07-09
CA2506146A1 (en) 2004-07-01

Legal Events

Date Code Title Description
AS Assignment

Owner name: GENERAL INSTRUMENT CORPORATION, PENNSYLVANIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MEDVINSKY, ALEXANDER;REEL/FRAME:013595/0836

Effective date: 20021213

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: MOTOROLA MOBILITY LLC, ILLINOIS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GENERAL INSTRUMENT HOLDINGS, INC.;REEL/FRAME:030866/0113

Effective date: 20130528

Owner name: GENERAL INSTRUMENT HOLDINGS, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GENERAL INSTRUMENT CORPORATION;REEL/FRAME:030764/0575

Effective date: 20130415

AS Assignment

Owner name: GOOGLE TECHNOLOGY HOLDINGS LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA MOBILITY LLC;REEL/FRAME:034358/0264

Effective date: 20141028

FPAY Fee payment

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20201111